I have set up a test machine and tried to ssh to it from outside; I get connection refused. But when I try from a local machine with the local address it works well, whereas if I try the global IP it fails. I have port forwarded 22 to the machine. Any more steps I am missing? I have also run netstat -ntlp and I can see port 22 with the sshd service.
Iptables details
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
4 160 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
4 240 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9000
23 3671 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-is-bridged
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 28 packets, 3991 bytes)
pkts bytes target prot opt in out source destination
Netstat-tulpn results
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1593/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1468/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1671/master
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1349/rpcbind
tcp 0 0 0.0.0.0:52084 0.0.0.0:* LISTEN 1413/rpc.statd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1862/dnsmasq
tcp 0 0 :::22 :::* LISTEN 1593/sshd
tcp 0 0 ::1:631 :::* LISTEN 1468/cupsd
tcp 0 0 :::36952 :::* LISTEN 1413/rpc.statd
tcp 0 0 :::111 :::* LISTEN 1349/rpcbind
tcp 0 0 :::80 :::* LISTEN 1694/httpd
udp 0 0 0.0.0.0:741 0.0.0.0:* 1413/rpc.statd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1395/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 1349/rpcbind
udp 0 0 0.0.0.0:631 0.0.0.0:* 1468/cupsd
udp 0 0 0.0.0.0:53019 0.0.0.0:* 1395/avahi-daemon:
udp 0 0 0.0.0.0:676 0.0.0.0:* 1349/rpcbind
udp 0 0 192.168.122.1:53 0.0.0.0:* 1862/dnsmasq
udp 0 0 0.0.0.0:33975 0.0.0.0:* 1413/rpc.statd
udp 0 0 0.0.0.0:67 0.0.0.0:* 1862/dnsmasq
udp 0 0 :::44763 :::* 1413/rpc.statd
udp 0 0 :::111 :::* 1349/rpcbind
udp 0 0 :::676 :::* 1349/rpcbind
If you can access it from a local address but not from an outside address, my guess is that the problem is the port forwarding on your router, and not iptables. If you want to confirm that, stop iptables on your server and try again from the outside.
If you're worried you'll be hacked while you test this (bit paranoid if you are, but eh...), then install and set up DenyHosts. If you already have it installed, then check your /etc/hosts.deny to see if it blocked you before.
If it works while iptables is off, then you know the problem is a bad rule somewhere in there.
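A way to get the same answer without switching the firewall off, as an added example that is not part of the answer above: the two listings in the question already contain the evidence. The script below embeds the INPUT chain and the netstat output copied from the question as constructed sample input (on a live host, feed it `iptables -L INPUT -v -n -x` and `netstat -tulpn` instead), checks that sshd is bound to a wildcard address, and reads the per-rule packet counters. If an external connection attempt does not move the counter on the `tcp dpt:22` ACCEPT rule, the SYN never reached the host and the router's port forwarding is the suspect; if it increments, the firewall accepted it and the fault lies elsewhere. Function names and the exit-code convention are my own.

```shell
#!/bin/sh
# Added example, not the original answer's code. Sample data below is the
# INPUT chain and netstat -tulpn listing from the question (constructed input);
# on a real server replace these with the live command output.
IPT_INPUT='pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
4 160 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
4 240 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9000
23 3671 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'

NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1593/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1468/cupsd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1862/dnsmasq
tcp 0 0 :::22 :::* LISTEN 1593/sshd'

# Packets that matched an INPUT rule accepting tcp/22 (columns of
# iptables -v -n: pkts bytes target prot opt in out src dst ...).
ssh_accept_pkts() {
  printf '%s\n' "$IPT_INPUT" |
    awk '$3=="ACCEPT" && $4=="tcp" && $NF=="dpt:22" {n+=$1} END {print n+0}'
}

# Packets that reached the host but matched no allow rule and were rejected.
reject_pkts() {
  printf '%s\n' "$IPT_INPUT" |
    awk '$3=="REJECT" && $NF=="icmp-host-prohibited" {n+=$1} END {print n+0}'
}

# True when sshd listens on 0.0.0.0:22 or :::22, i.e. on every interface,
# not just loopback or a single LAN address.
sshd_listens_wildcard() {
  printf '%s\n' "$NETSTAT" |
    awk '$1=="tcp" && $6=="LISTEN" && $7 ~ /sshd/ &&
         ($4=="0.0.0.0:22" || $4==":::22") {found=1}
         END {if (found) exit 0; exit 1}'
}

# Exit 2: sshd not reachable on all interfaces; exit 1: nothing has matched
# the tcp/22 rule since counters were last zeroed; exit 0: firewall accepted.
diagnose() {
  if ! sshd_listens_wildcard; then
    echo "sshd is not bound to a wildcard address; check ListenAddress in sshd_config"
    return 2
  fi
  a=$(ssh_accept_pkts); r=$(reject_pkts)
  if [ "$a" -eq 0 ]; then
    echo "no packet has matched the tcp/22 ACCEPT rule since the counters were reset."
    echo "Attempt an external ssh and rerun: if it stays 0 the SYN never reached this host (port forwarding); $r packets hit the catch-all REJECT"
    return 1
  fi
  echo "tcp/22 ACCEPT rule matched $a packets; $r packets hit the catch-all REJECT"
  return 0
}

diagnose
```

Run it once, make one connection attempt from the outside, then run it again and compare the two numbers: the delta, not the absolute value, is what tells you whether the packet arrived. Use `-x` on a live system so large counters are not abbreviated as `23K`, which the awk arithmetic would read as 23.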